In JBoss EAP 7.3.0 and later, which merged RESTEASY-2189, the default ExceptionHandler returns "RESTEASY003210: Could not find resource for full path: <path>" in the response body when the request path is not found:
$ curl 127.0.0.1:8080/helloworld-rs/rest/html
RESTEASY003210: Could not find resource for full path: http://127.0.0.1:8080/helloworld-rs/rest/html
A malicious user can find out that RESTEasy is being used in the backend. I believe the default message returned by the server should not contain any messages that can be used to guess the product name or versions.
I think it would be more appropriate to just return the response header, the same as in JBoss EAP 7.2.9 and earlier.
- incorporates JBEAP-22401 [GSS](7.4.z) RESTEASY-2997 - RESTEASY003210 is appeared in response body when request resource is not found (Closed)
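
An application-side workaround for the behaviour reported above, as an added example that is not part of the original report or of RESTEasy's own code: a JAX-RS `ExceptionMapper` that answers unmatched paths with a bare 404 and keeps the detailed message in the server log only. The package, class and logger names are hypothetical, and the example assumes that an application-registered mapper for `NotFoundException` is used in preference to the default handler.

```java
package org.example.rest; // hypothetical package name

import java.util.logging.Level;
import java.util.logging.Logger;

import javax.ws.rs.NotFoundException; // javax namespace, as used by JBoss EAP 7.x
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

/**
 * Maps "no resource matched the request path" to a 404 with an empty body,
 * so the response no longer carries the RESTEASY003210 text that identifies
 * the framework.
 */
@Provider
public class QuietNotFoundMapper implements ExceptionMapper<NotFoundException> {

    private static final Logger LOG =
            Logger.getLogger(QuietNotFoundMapper.class.getName());

    @Override
    public Response toResponse(NotFoundException e) {
        // The exception message contains the requested URL, which is
        // client-controlled. Keep it server-side, at a low log level,
        // and pass it as a parameter rather than concatenating it.
        LOG.log(Level.FINE, "Unmatched REST path: {0}", e.getMessage());

        // Status line and headers only; no entity is set, so nothing about
        // the JAX-RS implementation is written to the response body.
        return Response.status(Response.Status.NOT_FOUND).build();
    }
}
```

If the deployment's `Application` subclass lists its classes explicitly instead of relying on scanning, the mapper has to be added to that list. Repeating the `curl` request from the report against the redeployed application should then show a 404 status with an empty body.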